Can PDFs be a danger to my Mac?

Discussion in 'Mac Basics and Help' started by Texas_Toast, Aug 1, 2016.

  1. Texas_Toast macrumors 6502a

    Texas_Toast

    Joined:
    Feb 6, 2016
    Location:
    Texas
    #1
    How dangerous can a PDF that is downloaded from an email or off a website on the Internet be to my Mac.

    I recently watched a security presentation on YouTube, and the speaker made it sound like PDFs are one of your biggest threats.

    I am not a Bit Torrent type of person, but I do surf as much as the next person, and being a geek, I tend to download PDFs a lot when I am reading up on IT things.

    For instance, last night I found some "free" eBooks on a website and so I downloaded one not even thinking that it could be a risk.

    The eBook looks legitimate, but maybe it was infected with a root kit and know the Chinese have me in their sites? :confused:
     
  2. vmachiel macrumors 68000

    Joined:
    Feb 15, 2011
    Location:
    Holland
    #2
    That's super hard to tell. It's all about whether you trust the website you download from or not. A free ebook (that normally costs money) must come from a shady website so I wouldn't trust it. Whether something happened... you'll know soon enough I guess. Just don't download anything again from a source that you don't trust.
     
  3. hobowankenobi macrumors 6502

    Joined:
    Aug 27, 2015
    Location:
    on the land line mr. smith.
    #3
    These sort of security questions usually have two answers:

    • Current/past known attacks and the probability of attacks in the near future (in this case very, very low)
    • Possible vulnerabilities, that could hypothetically be exploited at some point (in this case....moderate)

    Check out this paper to see what may happen.....at some point. But also notice the first thing mentioned:

    "Adobe Portable Document Format has become the most widespread and used document description format throughout the world. It is also a true programming language of its own, strongly dedicated to document creation and manipulation which has accumulated a lot of powerful programming features from version to version. Until now, no real, exploratory security analysis of the PDF and of its programming power with respect to malware attacks has been conducted. Only a very few cases of attacks are known, which exploit vulnerabilities in the management of exter- nal programming languages (Javacript, VBS). "


    So the short answer is:

    Now: very very little risk.
    Future: nobody knows, but it is possible
     
  4. rshrugged macrumors 6502a

    Joined:
    Oct 11, 2015
    #4
    Some things you could add as routines are --

    Check the url of the site from which you want to download something at VirusTotal using their file scan form.

    Download the item but don't open it. Upload the item to that same scan form or by using the VirusTotal app.
    (I've only used the online scan form.)
     
  5. hobowankenobi macrumors 6502

    Joined:
    Aug 27, 2015
    Location:
    on the land line mr. smith.
    #5
    Hopefully....should malicious PDFs become a thing, AV/Malware tools will be able to find/quarantine/clean these threats.

    And, per the doc I linked to, it may be that Adobe continues to lock down the entire code base, making it harder to insert code or anything malicious.

    One of the best things a mere mortal can do is to run a standard (non-admin) account for day-to-day work, to limit damage from any zero day or otherwise undetected threat.
     
  6. Texas_Toast thread starter macrumors 6502a

    Texas_Toast

    Joined:
    Feb 6, 2016
    Location:
    Texas
    #6
    Yes, I have two accounts and always run as non-admin.
    --- Post Merged, Aug 3, 2016 ---
    Pretty neat trick... Get me to click on a link from BlackHat without even thinking - and its a PDF nonetheless. (If I didn't have any viruses before, I guess that changed after clicking on your link!) ;)
     
  7. hobowankenobi macrumors 6502

    Joined:
    Aug 27, 2015
    Location:
    on the land line mr. smith.

Share This Page